--- krb4-1.1/lib/roken/resolve.c.org	2002-10-23 09:44:56.000000000 +0200
+++ krb4-1.1/lib/roken/resolve.c	2002-10-23 09:50:48.000000000 +0200
@@ -133,6 +133,11 @@
     memcpy(&r->h, p, 12); /* XXX this will probably be mostly garbage */
     p += 12;
 #endif
+    if(ntohs(r->h.qdcount) != 1) {
+      free(r);
+      return NULL;
+    }
+   
     status = dn_expand(data, data + len, p, host, sizeof(host));
     if(status < 0){
 	dns_free_data(r);
@@ -232,6 +237,11 @@
 	    break;
 	}
 	case T_TXT:{
+	    if(size == 0 || size < *p + 1) {
+              free(*rr);
+              return -1;
+	    }
+
 	    (*rr)->u.txt = (char*)malloc(size + 1);
 	    if((*rr)->u.txt == NULL) {
 		dns_free_data(r);
